I CLAIM:

1. In a computer system connected to an external communications medium, a security
device comprising:

a programmable firewall device interposed between the computer system and the
external communications medium;

a controller device configured within the computer system such that said controller
device can access all communications into and out of the computer system; and

a communications device for communicating instructions from said controller device to
said firewall device for controlling said firewall device.



2. The computer system of claim 1, wherein: 
the computer system is a local area network. 

3. The computer system of claim 1, wherein: 

the external communications medium is the internet. 

4. The computer system of claim 1, wherein: 

the computer system is a local area network operating as an Ethernet network. 

5. The computer system of claim 1, wherein:

the controller device examines communications incoming to the computer system for 
code known to be associated with attempted security breaches. 
The computer system of claim 1, wherein:
the controller device examines communications incoming to the computer system for
patterns of activity indicative of attempted security breaches.

The computer system of claim [illegible], wherein:

the controller device controls the firewall to block communications between the
computer system and the external communications medium when an attempted security breach
is detected.

The computer system of claim 1, wherein:

the communications device is a serial data communications link.



The computer system of claim 1, wherein: 
the controller assigns a value to a perceived attempted security breach; 
and the controller controls the firewall to block communications between the computer 
system and the external communications medium for a predetermined period according to the 
value assigned to the perceived attempted security breach.

The computer system of claim 1, wherein: 

the controller assigns a value to a perceived attempted security breach; 
and the controller controls the firewall to block communications between a selected 
portion of the computer system and the external communications medium according to the value 
assigned to the perceived attempted security breach.
The computer system of claim 1, wherein:

the controller is a general purpose computer programmed to function as described in
claim 1.

12. The computer system of claim 1, wherein:

the controller and the firewall are each physically distinct computerized units.

In a local area network attached to a wide area network, a method for improving the 
security of the local area network, comprising: 
monitoring communications between the local area network and the wide area network;

determining, over time, if the communications between the local area network and the
wide area network contain patterns of activity indicative of an attempted security breach; and

controlling a firewall to selectively block communications between the local area
network and the wide area network depending upon a classification of the attempted security
breach.

The method of claim [illegible], wherein:
the wide area network is the internet.

The method of claim [illegible], wherein:

the local area network is an Ethernet local area network.

The method of claim [illegible], wherein:
the classification of the attempted security breach includes a factor relating to the
importance of a portion of the local area network which the attempted security breach attempts
to access.

The method of claim [illegible], wherein:

the classification of the attempted security breach includes a factor relating to the number
of attempts made in the course of the attempted security breach.

The method of claim [illegible], wherein:

the classification of the attempted security breach includes a factor relating to the relative
sophistication of the attempted security breach.

The method of claim [illegible], wherein:
the classification of the attempted security breach is accomplished by a controller unit
which is physically distinct from a firewall unit.

The method of claim [illegible], wherein:

the firewall unit is controlled through a serial datalink from the controller unit.

J6355-11C1

A computer program product comprising a computer usable medium having a computer 
readable code embodied thereon configured to operate on a computer, comprising: 
a detect code operation wherein known improper code is detected; and
a detect patterns operational routine wherein a pattern of activity is detected over time.

22. The computer program product of claim 21, and further including:
a weighting operation wherein a weight is assigned to a detected security breach.

23. The computer program product of claim 21, wherein:
a firewall is automatically reprogrammed.

A computer program product comprising a computer usable medium having a computer
readable code embodied thereon configured to operate on a computer, comprising:

at least one detect operation wherein a computer security breach is detected; and
a weighting operation wherein a weight is assigned according to the importance of the
security breach.

25. The computer program product of claim 24, and further including:

a react operation wherein a firewall is reprogrammed in real time to react to the security
breach.

A computer program product comprising a computer usable medium having a computer
readable code embodied thereon configured to operate on a computer, comprising:

at least one detect operation wherein a computer security breach is detected; and
a react operation wherein a firewall is reprogrammed in real time to react to the security
breach.

27. The computer program product of claim 26, wherein:

said react operation reprograms the firewall according to an assigned weight, the assigned
weight being a function of the type of security breach detected.
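
The following added example, which is not part of the claims or any code of the applicant, sketches in Python how a controller could assign a value to a perceived breach from the three classification factors named in the method claims (importance of the targeted portion, number of attempts over time, relative sophistication) and derive a block scope and block period from that value. The weights, thresholds, segment names, window length and the `BLOCK ...` instruction format are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque

# All weights, thresholds, segment names and the instruction format below are
# assumptions made for this illustration; the claims specify none of them.
IMPORTANCE = {"dmz": 1, "office": 2, "finance": 4}   # importance of the targeted portion
SOPHISTICATION = {"scan": 1, "known_exploit": 3}     # relative sophistication
WINDOW_SECONDS = 60                                  # how far back "over time" looks

class Controller:
    def __init__(self):
        self.attempts = defaultdict(deque)  # source -> timestamps still inside the window

    def classify(self, ts, source, segment, kind):
        """Return a numeric value for the perceived breach attempt."""
        window = self.attempts[source]
        window.append(ts)
        while window and ts - window[0] > WINDOW_SECONDS:
            window.popleft()                # forget attempts older than the window
        return IMPORTANCE[segment] * SOPHISTICATION[kind] * len(window)

    def react(self, ts, source, segment, kind):
        """Turn the value into a firewall instruction, or None for no action."""
        value = self.classify(ts, source, segment, kind)
        if value < 4:
            return None
        # High values isolate the whole network; lower ones only the targeted portion.
        scope = "all" if value >= 12 else segment
        seconds = 60 * value                # block period scales with the value
        return f"BLOCK src={source} scope={scope} seconds={seconds}"

def replay(events):
    """Feed events through a fresh controller and collect the instructions issued."""
    ctl = Controller()
    return [cmd for e in events if (cmd := ctl.react(*e))]

# Constructed sample traffic: (timestamp, source, targeted segment, kind)
SAMPLE = [
    (0, "198.51.100.7", "dmz", "scan"),
    (5, "198.51.100.7", "office", "scan"),
    (9, "198.51.100.7", "finance", "known_exploit"),
    (200, "203.0.113.9", "dmz", "scan"),
]

if __name__ == "__main__":
    for line in replay(SAMPLE):
        print(line)  # in the claimed arrangement this would go over the serial link
```
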